Scaled Virtual Wards to 1M+ Patients and 1,000s Clinicians with Regulated AI

Context

A UK healthcare group needed to rapidly improve and scale remote patient (virtual) wards during and immediately after the Covid pandemic. The objective was to transform an advanced prototype into a secure, regulated Software as a Medical Device (SaaMD) platform capable of supporting millions of patients and thousands of clinicians while preserving data security and clinical safety. The work focused on healthtech best practice, delivering an AI-driven, cloud-capable solution to enable remote monitoring, risk stratification and clinician-led interventions across large patient populations.

Challenges

The initial prototype was clinically promising but underperforming in real-world conditions and could not scale beyond a limited number of patients and clinicians. The platform relied on commercially-sensitive, highly-regulated algorithms that formed the core of triage and escalation decisions, requiring strict controls for IP protection, auditability and safety. Achieving and maintaining ISO 13485 quality management for medical devices and proving SaaMD compliance for data and software processes added regulatory complexity. The organisation also needed to implement processes to pass surveillance audits and ensure ongoing compliance while accelerating delivery during a public health emergency.

Implementation

We re-architected the platform around a secure, scalable cloud-native architecture with AI decision making at the heart of the regulated solution. Key elements included separation of concerns between data ingestion, AI inference, and clinician-facing workflows; robust role-based access controls; encryption in transit and at rest; and compartmentalised hosting to protect commercially-sensitive models and IP. AI algorithms were modelled explicitly to support clinician use—predicting deterioration risk, recommending monitoring frequencies and flagging escalation pathways—while keeping clinicians as the final decision-makers.

A secure product development lifecycle was defined, incorporating formal verification and validation steps consistent with SaaMD guidance and ISO 13485 requirements. We introduced automated testing pipelines for AI integrity: unit and integration tests for model code, synthetic and anonymised clinical datasets for performance regression, continuous monitoring of model drift, and automated end-to-end tests for safety-critical decision pathways. Continuous integration/continuous deployment (CI/CD) was combined with gated releases requiring sign-off against verification criteria and traceability of changes.

To support scale, the platform was engineered to handle thousands of concurrent patient sessions and to elastically scale to millions through stateless microservices and managed cloud services. Operational tooling was added for real-time telemetry, performance scaling, and secure audit logging to support both clinical governance and regulatory inspection. Company processes were redesigned to embed medical device quality practices across product, engineering and clinical teams, including change control, post-market surveillance planning and readiness for external audits.

Results

The re-architected, regulated AI-driven platform achieved ISO 13485 certification and met SaaMD compliance requirements for secure data and software processes. Automated AI testing and rigorous verification/validation pipelines ensured algorithm integrity and traceable decision logic, enabling demonstrable reliability and safety at scale. The solution successfully scaled from a limited prototype to support more than 1 million patients and thousands of clinicians, handling thousands of concurrent active patients and elastically expanding for peak demand.

As a result of the technical and process transformation, the organisation was awarded significant programmes to deploy virtual wards across multiple regions, directly benefiting thousands of patients with earlier intervention and reduced hospital pressure. The redesigned company processes supported ongoing surveillance audits and regulatory maintenance activities, establishing a sustainable compliance posture. Overall, the project demonstrated that a secure, regulated SaaMD platform with AI decision support can deliver reliable, auditable remote care at national scale while safeguarding commercially-sensitive algorithms and clinical governance.